When we engage third parties to perform services for us that involve handling any of the personal information we hold, we engage the third-party service provider in accordance with the obligations that apply to ANU Sport under the Privacy Act.
- Personal information - means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form; and
- Sensitive information - (a type of personal information), means information or an opinion about an individual’s race or ethnic origins, political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices, trade or professional associations and memberships, union membership, criminal record, health or genetic information or biometric information.
- University - the Australian National University.
- Data breach - means unauthorised access to, or unauthorised disclosure of, personal information or a loss of personal information.
We collect, hold, use and disclose your personal information to enable us to meet legal obligations and for a range of internal purposes.
We may also collect, use or disclose personal information in situations where it may be impracticable to obtain your consent or give you prior notice, if we reasonably believe it is necessary to do so, such as:
- to lessen or prevent a serious threat to life, health or safety;
- when we are required or authorised to do so by or under a law;
- to take appropriate action in relation to suspected unlawful activity or serious misconduct;
- to assist authorities to locate a person reported as missing;
- establishing or defending a legal or equitable claim, or participating in a confidential dispute resolution process; or
- for enforcement related activities conducted by, or on behalf of, an enforcement body.
COLLECTION OF PERSONAL INFORMATION
ANU Sport collects a wide range of personal information (including, but not limited to, names, addresses, e-mail addresses, phone numbers, payment details, occupation and other information) in the course of its operations, for purposes that are directly related to its core functions or activities. ANU Sport may collect personal information:
- because we need it to provide a service you have requested or purchased;
- because you have provided it to us – membership enquiries or purchases, applying for an advertised employment/ volunteer opportunity, applying for an elite athlete travel grant/ scholarship; applying to participate in UniSport Nationals or a varsity competition; participating in or commenting on online forums, registering to attend an event/ social sport competition, asking us a question or making a complaint;
- because of your association with ANU Sport – regular sharing of information between the association and club executives;
- because we are required by law to collect it – for example because of higher education and immigration laws.
At all times we aim to collect only the information we need for the particular function or activity we are carrying out. We may not be able to provide the assistance or services you seek if you do not provide us with personal information when we request it.
We only collect personal information by lawful and fair means. We usually collect personal information directly from you when you are contacting us regarding our services.
COLLECTING SENSITIVE INFORMATION
We will only collect your sensitive information where you have consented to us doing so and the information is reasonably necessary for one or more of our functions or activities or where the collection is required or permitted by law, such as certain employment law or the Safety, Rehabilitation and Compensation Act 1988 (Cth).
COLLECTION FROM PEOPLE OTHER THAN YOU
In the course of our day to day activities as an employer, we may collect personal information about you indirectly from publicly available sources, or from third parties you have authorised to disclose your information. We also collect personal information from publicly available sources to enable us to identify and contact stakeholders who may be interested in our endowment and philanthropy programs.
UNSOLICITED PERSONAL INFORMATION
If we receive personal information about you that we have not requested, and we determine that we could not have lawfully collected that information under the APPs had we asked for it, we will destroy or de-identify the information if it is lawful and reasonable to do so.
Where practicable and lawful, we will allow you to interact with us anonymously or using a pseudonym. However, for most of our functions and activities we usually need your name and contact information or your University ID number, and enough information about the particular matter to enable us to respond to your enquiry, request, application, transaction or complaint.
We may host or manage some publicly accessible blogs and other interactive media. If you choose to interact with these media, you can do so anonymously or using a pseudonym.
COLLECTING THROUGH WEBSITES
ANU Sport has its own public website at http://www.anu-sport.com.au. When you look at the ANU Sport website our server makes a record of your visit and logs some or all of the following information:
- your browser’s internet address;
- the date and time of your visit to the site;
- the pages you accessed and documents downloaded;
- the previous site visited;
- the type of browser you are using; and
- the username entered if accessing a restricted site.
ANU Sport uses this information for statistical purposes and for system administration tasks to maintain this service. We do not attempt to identify individuals however in the unlikely event of an investigation, the University, a law enforcement agency or other government agency may exercise its legal authority to inspect our server’s logs.
Entry to some ANU Sport web services is restricted by user log-in protocols. We require you to use your Active Carrot ID/ Fuse sports ID to access these sites to help us keep the information accessible through these sites secure from unauthorised alteration, use or disclosure, to resolve problems with our IT systems, and to keep an auditable record of who has accessed this information.
ACCESS TO ANU SPORT FACILITIES
If you use an ANU Sport facility that requires your University ID to be presented or swiped, we may use that information to identify you and to keep an auditable record of who has accessed our facility for security purposes.
If you enter any ANU Sport building or room that requires your University ID to be presented or swiped, we may use that information to identify you and to keep an auditable record of who has accessed our facility for security purposes.
Social Networking Services
We sometimes use social networking services such as, but not limited to Twitter, Facebook, Instagram, Snapchat and YouTube to communicate with the public about our activities or achievements. If you choose to communicate with us using these services, we may collect your personal information, but we will only use it to communicate with you. The social networking service may also collect or handle your personal information and use it for its own purposes. These services have their own privacy practices and policies. ANU Sport is unable to regulate the actions of those services. This policy does not apply to the acts or practices of those services.
We collect your non-ANU email address (and other contact details) when you join as an ANU Sport member, Club Affiliate or apply for employment. We only use this information to contact you for administrative purposes related to your engagement with us.
If you register to attend an event, we usually collect the contact details you provide at registration to communicate with you about the event you registered for. We may also communicate with you about other events we think you might be interested in. You can opt out of receiving further emails at the time you register for an event, by telling the sender by return email that you do not want to receive further emails, or you can unsubscribe from further events emails using the link in the email, according to how the event registration process is administered.
USE AND DISCLOSURE
We generally use or disclose personal information only with your consent and for the purpose we collected it or as required or permitted by law, unless you consent to us using or disclosing it for a different purpose. We generally do not disclose personal information without obtaining consent.
Sometimes we may use or disclose your personal information in circumstances where you would reasonably expect us to use or disclose it, the Privacy Act permits the disclosure, and it is impracticable to obtain your consent.
We may disclose your personal information to third parties:
- engaged by us to provide products or services, or to undertake functions or activities, on our behalf (e.g. processing payment information, managing databases, assisting with social sport competition);
- that are authorised by you to receive information we hold;
- that are our business partners, joint venturers, partners or agents; or
- such as our external advisers and government agencies.
We may also use and disclose personal information collected for the purposes of direct marketing of our products and services. Any direct marketing communications will advise recipients how they can opt out of receiving such marketing-related communications.
We will take reasonable steps to ensure that any third parties who receive your personal information from ANU Sport are bound by substantially similar privacy standards and obligations as ANU Sport.
We may disclose personal information to an external review body if you seek an external review of an ANU Sport decision or make a complaint to an external complaint handling body such as the Commonwealth Ombudsman.
If you make a complaint or report an incident to us about another person at ANU Sport, in some circumstances we may be required to disclose some of your personal information to the person about whom you have made a complaint. It may be that sometimes we are unable to act on your complaint or allegation unless you consent to this kind of disclosure. We will assess and handle complaints about the conduct of ANU Sport members in accordance with the ANU Sport Constitution, Policies and Procedures, and applicable laws.
In performing and managing our functions and activities, we may need to make your personal information available to third party services providers, including providers of cloud services and website hosts. These third parties may be located overseas. We will take reasonable steps to ensure that any third parties located overseas whom we engage to handle your personal information are bound by substantially similar privacy standards and obligations as ANU Sport. We will only send your personal information overseas in compliance with the Privacy Act and the APPs or with your consent.
DISCLOSURE OF SENSITIVE INFORMATION
We only disclose your sensitive information for the purposes for which you gave it to us, or for directly related purposes you would reasonably expect, or if the Privacy Act allows us to disclose it, or if you consent.
QUALITY OF PERSONAL INFORMATION
We take reasonable steps to ensure that the personal information we hold is accurate, up to date and complete by:
- asking you to update or confirm that your details are correct when you use our systems;
- recording information in a consistent format;
- where necessary, confirming the accuracy of information we collect from a third party or a public source; and
- adding updated or new personal information to existing records.
STORAGE AND SECURITY OF PERSONAL INFORMATION
- physical security over paper-based and electronic data storage and premises;
- computer and network security measures, including use of firewalls, password access and secure servers, encryption for online financial transactions and employee policies and IT security;
- policies about privacy of personal information and our employees’ access to and use of personal information;
- secure destruction of physical copies of personal information;
- restricting access to personal information to our employees and those acting on our behalf who are authorised and on a ‘need to know’ basis;
- retaining personal information for no longer than it is reasonably required, unless we are required by law to retain it for longer; and
- entering into confidentiality agreements with employees and third parties.
A lot of the information ANU Sport creates or handles is contained in or forms part of a Commonwealth Record. We take reasonable steps to destroy or de-identify personal information in a secure manner when we no longer need it. We are required to deal with most of our records in accordance with the Archives Act 1983 (Cth), and Disposal Authorities issued pursuant to that Act.
ACCESS AND CORRECTION OF YOUR PERSONAL INFORMATION
You have the right under the Privacy Act to ask for access to your personal information that we hold, and ask that we correct that personal information. You can ask for access or correction by contacting us and we will respond within 30 days.
If you ask, we will give you access to your personal information unless there is a law that allows or requires us not to. We will take reasonable steps to correct your personal information if we consider it is incorrect, unless there is a law that allows or requires us not to. We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we will notify you in writing setting out the reasons for refusal.
If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We will do so unless there is a valid reason not to. If we refuse to correct your personal information, you can ask us to attach a statement to it stating that you believe the information is incorrect and why.
You also have the right under the Freedom of Information Act 1982 (Cth) (FOI Act) to request access to documents that we hold and to ask for information that we hold about you to be changed or annotated if it is incomplete, incorrect, out-of-date or misleading.
DATA BREACH RESPONSE
If a data breach is identified, ANU Sport will implement the mandatory notifiable data breaches scheme that applies under The Privacy Act 1988.
HOW TO MAKE A COMPLAINT
If you wish to complain to us about how we have handled your personal information you should complain in writing. You will need to provide us with the details of your complaint, as well as any supporting evidence and information. If you need help lodging a complaint, you can contact us for information. If we receive a complaint from you about how we have handled your personal information we will determine what (if any) action we should take to resolve the complaint. We will endeavour to respond to all complaints and correspondence promptly.
We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days. If you are not satisfied with our response you may ask for a review by a more senior officer within ANU Sport (if that has not already happened) or you can complain to the Privacy Commissioner (www.oaic.gov.au). For further information see our internal complaint handling policies and procedures.
HOW TO CONTACT US ABOUT PRIVACY MATTERS
Phone: +61 2 6125 2273
Chief Executive Officer
ANU Sport & Recreation Association
Building 19 North Road
The Australian National University
Canberra ACT 2601
Effective Date: 29 August 2019